summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrameshiyer27 <ramesh.murugan.iyer@est.tech>2022-05-17 12:04:03 +0100
committerrameshiyer27 <ramesh.murugan.iyer@est.tech>2022-05-17 12:49:12 +0100
commitb77b61847ddd169da9a71b05742ed51bc826f5f6 (patch)
tree9f8ef7d8cae38dbaf11d0838a9ce70b4887eb004
parent9fa11a0b5ef61399598cc84950209bd8b38eed82 (diff)
Add user configurable parameter for permitted helm repo protocols
User can configure the permitted helm repository protocols http/https based on the requirement. Issue-ID: POLICY-4113 Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech> Change-Id: Ib7c91413babd15d0bd22ceffe10cdc1c3a6a0fd0
-rw-r--r--packages/policy-clamp-tarball/src/main/resources/etc/KubernetesParticipantParameters.yaml14
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java2
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java13
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml8
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartServiceTest.java1
5 files changed, 30 insertions, 8 deletions
diff --git a/packages/policy-clamp-tarball/src/main/resources/etc/KubernetesParticipantParameters.yaml b/packages/policy-clamp-tarball/src/main/resources/etc/KubernetesParticipantParameters.yaml
index c6acf4052..ad1669c66 100644
--- a/packages/policy-clamp-tarball/src/main/resources/etc/KubernetesParticipantParameters.yaml
+++ b/packages/policy-clamp-tarball/src/main/resources/etc/KubernetesParticipantParameters.yaml
@@ -59,3 +59,17 @@ logging:
chart:
api:
enabled: false
+
+# Update the config here for permitting repositories and protocols
+helm:
+ repos:
+ -
+ repoName: kong
+ address: https://charts.konghq.com
+ -
+ repoName: bitnami
+ address: https://charts.bitnami.com/bitnami
+
+ protocols:
+ - http
+ - https \ No newline at end of file
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java
index 4d00e38ec..61a813e8a 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java
@@ -38,4 +38,6 @@ public class HelmRepositoryConfig {
private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private List<HelmRepository> repos = new ArrayList<>();
+
+ private List<String> protocols = new ArrayList<>();
}
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
index e9cd8a2c3..888600fde 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
@@ -93,7 +93,7 @@ public class ChartService {
* @throws IOException in case of IO errors
*/
public boolean installChart(ChartInfo chart) throws ServiceException, IOException {
- boolean whiteListed = false;
+ boolean permittedRepo = false;
if (chart.getRepository() == null) {
String repoName = findChartRepo(chart);
if (repoName == null) {
@@ -106,17 +106,18 @@ public class ChartService {
}
} else {
// Add remote repository if passed via TOSCA
- // check whether the repo is whitelisted
+ // check whether the repo is permitted
for (HelmRepository repo : helmRepositoryConfig.getRepos()) {
if (repo.getAddress().equals(chart.getRepository().getAddress())
- && chart.getRepository().getAddress().contains("https")) {
+ && helmRepositoryConfig.getProtocols()
+ .contains(chart.getRepository().getAddress().split(":")[0])) {
configureRepository(chart.getRepository());
- whiteListed = true;
+ permittedRepo = true;
break;
}
}
- if (!whiteListed) {
- logger.error("Repository is not Whitelisted / plain http in not allowed");
+ if (!permittedRepo) {
+ logger.error("Helm Repository/Protocol is not permitted for {}", chart.getRepository().getAddress());
return false;
}
}
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
index ac18bca39..0f8c49547 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
@@ -58,7 +58,7 @@ logging:
chart:
api:
enabled: false
-
+# Update the config here for permitting repositories and protocols
helm:
repos:
-
@@ -66,4 +66,8 @@ helm:
address: https://charts.konghq.com
-
repoName: bitnami
- address: https://charts.bitnami.com/bitnami \ No newline at end of file
+ address: https://charts.bitnami.com/bitnami
+
+ protocols:
+ - http
+ - https \ No newline at end of file
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartServiceTest.java b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartServiceTest.java
index d83d43f20..669ca3fe3 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartServiceTest.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartServiceTest.java
@@ -123,6 +123,7 @@ class ChartServiceTest {
List<HelmRepository> helmRepositoryList = new ArrayList<>();
helmRepositoryList.add(HelmRepository.builder().address("https://localhost:8080").build());
doReturn(helmRepositoryList).when(helmRepositoryConfig).getRepos();
+ doReturn(List.of("http", "https")).when(helmRepositoryConfig).getProtocols();
assertDoesNotThrow(() -> chartService.installChart(charts.get(0)));
doThrow(ServiceException.class).when(helmClient).installChart(any());
assertThatThrownBy(() -> chartService.installChart(charts.get(0))).isInstanceOf(ServiceException.class);